Great news — now you can’t trust SSL certificates anymore. On the day before the New Year a successful generation of a rogue certificate was demonstrated in Berlin. A group of game maniacs set up a cluster of 200 Sony PlayStation 3s — that was enough to accomplish it 🙂 It’s not about SSL as a whole, it’s just about MD5 signatures that some SSL certificates are signed with. What would it mean to Java developers? 1. Double-check that certificates you rely on are not signed with MD5. Firefox lists this info in certificate details as Certificate Signature Algorythm. 2. Leave MD5 in year 2008 and start using sha1. Just start typing sha1sum instead of md5sum 🙂 Also, this is not the first time when rogue certificates get generated. Advanced Windows viruses are using false Microsoft certificates for quite some time already. Beware! Software Development